Black Arrow Cyber Threat Intelligence Briefing 09 January 2025

11 Jan

Welcome to this week’s Black Arrow Cyber Threat Intelligence Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.

Executive Summary

This week’s review of cyber security insights in the specialist and general media includes a look back at 2025 and a look forward to 2026, with recommended focus areas for business leaders. Last year saw an increase in attacks and a greater focus on gaining entry through employees and third parties, and exploiting insufficient controls around access management.

The escalation in risks requires business leaders in 2026 to test their resilience to a cyber attack through rehearsals of the incident response plan. From experience of running many simulations with clients across the world, we strongly recommend the rehearsal should be led by an impartial cyber and business expert to take you and your control providers, including IT, into ‘what if’ scenarios that help to flush out assumptions.

This week, we also include news on attack campaigns for you to be aware of, including fake DocuSign emails and the continued attacks on organisations that rely only on passwords to secure access.

Contact us to discuss how to reflect our threat intelligence briefing in your approach to cyber security, in an impartial and proportionate manner.

Top Cyber Stories of the Last Week

2025 Proved Hackers Aren’t Slowing Down – and Neither Should You

Cyber activity intensified in 2025, with ransomware, espionage, cryptomining and infostealers hitting manufacturing, aerospace and critical infrastructure. Attackers are moving beyond passwords to session token theft, exploiting non-human identities and AI-driven social engineering. The Jaguar Land Rover incident shows third-party compromise can cripple operations. Business leaders should prioritise a Zero Trust model, and encourage staff to pause before clicking and to verify urgent requests before acting.

Source: https://www.phonearena.com/news/2025-proved-hackers-arent-slowing-down-neither-should-you_id177153

Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead

Ransomware victim numbers rose sharply in 2025, with thousands of organisations named on extortion sites. Law enforcement disrupted several major groups, but attackers quickly re-emerged under new brands and affiliations. Entry points increasingly involve social engineering and stolen credentials rather than technical exploits, keeping barriers to entry low. To address this, organisations should prioritise protecting credentials, staff vigilance, and testing recovery plans, recognising that law enforcement action rarely eliminates the threat of attack.

Source: https://www.theregister.com/2026/01/08/ransomware_2025_emsisoft/

Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks

Phishing kits are making large-scale attacks easier, with most high-volume campaigns relying on pre-built tools that support MFA bypass and evasion. QR codes and obfuscated links are increasingly used to avoid detection, enabling less skilled attackers to run sophisticated campaigns. Business leaders should focus on strengthening access controls and authentication, reducing link-clicking behaviour, and ensuring staff recognise QR and MFA-bypass lures as part of routine security awareness.

Source: https://www.itpro.com/security/phishing/phishing-as-a-service-kits-growth-2025-barracuda

Cyber Risk Trends for 2026: Building Resilience, Not Just Defences

Cyber risk in 2026 is shaped by increasingly automated, persistent and intelligent attacks; this requires business leaders to shift their focus to resilience across governance, operations, technology and people. Key pressures include AI-driven social engineering, third-party dependencies, uncertainty around quantum computing risks and geopolitical instability. Priorities include ensuring recovery readiness and clear ownership, strengthening how identity and access are managed, and rehearsing incident response that measures success by time to detect, contain and recover.

Source: https://www.securityweek.com/cyber-risk-trends-for-2026-building-resilience-not-just-defenses/

Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience

Geopolitical friction will amplify cyber risk in 2026 due to shifting alliances and sanctions. Employee use of AI tools that are not within the remit of the organisation’s security controls adds unmanaged risks to vulnerability management, incident response and resilience processes. Maritime logistics is a prime target, with resilient shipping relying on real-time monitoring and intelligence-led risk exposure management. Business leaders should embed AI governance and geopolitical awareness into risk planning.

Source: https://www.infosecurity-magazine.com/opinions/geopolitics-supply-chains-shadow/

Average Cyberattack Cost Hits $2.5M as Recovery Lags

A survey of 750 CISOs across the US and UK shows recovery is taking longer and costing more, with average recovery costs at $2.5M. Many organisations face days of downtime and some up to weeks. Fewer organisations now have formal cyber resilience strategies, yet boards still expect zero breaches. Leadership responses include resetting expectations, prioritising rapid recovery, and reducing time to restore operations rather than relying solely on prevention.

Source: https://www.telecomstechnews.com/news/average-cyberattack-cost-hits-2-5m-as-recovery-lags/

New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems

Attackers are using fake DocuSign emails to trick staff into launching malware on Windows devices. The campaign is designed to evade common security checks and can run without obvious warning signs. Organisations should confirm their endpoint protections can detect malicious activity triggered through email links or attachments, and ensure staff treat unexpected document-signing requests with caution and verify requests via trusted channels.

Source: https://cybersecuritynews.com/new-phishing-attack-impersonate-as-docusign/

Phishers Exploit Office 365 Users Who Let Their Guard Down

Phishing attacks are increasingly exploiting misconfigured Office 365 tenants allowing attackers to spoof trusted domains and route messages in ways that evade controls. In October 2025 alone, Microsoft reported blocking over 13 million MFA-bypass phishing emails linked to an attack campaign known as Tycoon2FA. To reduce risks, ensure tenant email authentication controls are correctly configured, prioritise phishing-resistant MFA, and treat email-based password resets as a high-risk process.

Source: https://www.darkreading.com/cloud-security/phishers-exploit-office-365-users-guard-down

Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA

Fifty global organisations were compromised after relying on passwords alone to access cloud systems. Attackers used infostealers to harvest stored credentials, including some that were years old, and accessed cloud platforms and exfiltrated large volumes of data, including a reported 139GB from one firm. Business leaders should ensure MFA is enforced for cloud access, reduce reuse of old credentials, and monitor access logs and unusual downloads.

Source: https://www.techradar.com/pro/security/dozens-of-organizations-fall-victim-to-infostealers-after-failing-to-enforce-mfa

Governance, Risk and Compliance

The Big Risks for ’26 – Resilience key in navigating cyber landscape

Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses - SecurityWeek

2025 proved hackers aren’t slowing down – and neither should you - PhoneArena

What European security teams are struggling to operationalize - Help Net Security

Average cyberattack cost hits $2.5M as recovery lags

8 things CISOs can’t afford to get wrong in 2026 | CSO Online

Threats

Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity

Cyber Warfare and Cyber Espionage

A rash of Baltic cable-cutting raises fears of sabotage

Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media

Leak exposes Knownsec’s role in state cyber targeting | Cybernews

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

What is happening to the Internet in Venezuela?

Nation State Actors

Cyber Risk In 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience - Infosecurity Magazine

Illegal crypto dealings hit $154B amid surge in state-sponsored threats - Chainalysis report - Cryptopolitan

China

Leak exposes Knownsec’s role in state cyber targeting | Cybernews

New China-linked hackers breach telcos using edge device exploits

Hundreds of British buses have Chinese ‘kill switch’

China hits Taiwan with 2.6M cyberattacks a day | Cybernews

Taiwan blames Chinese ‘cyber army’ for rise in millions of daily intrusion attempts | CyberScoop

China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

China moves to rein in 'anthropomorphic' AI chatbots

China’s New Cybersecurity Law Demands Faster Incident Reporting From Companies - gHacks Tech News

Congressional staff emails hacked as part of Salt Typhoon campaign | TechRadar

Russia

A rash of Baltic cable-cutting raises fears of sabotage

Russia Builds Underwater Drone Fleet That Could Target NATO Cables and Pipelines — UNITED24 Media

ClickFix attack uses fake Windows BSOD screens to push malware

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Hackers target Booking.com users | Cybernews

Russian hackers target European hospitality industry with ‘blue screen of death’ malware | The Record from Recorded Future News

Starlink Satellites Might Start Falling Out Of The Sky Due To This New Threat

North Korea

North Korean hackers using QR codes to attack governments and think tanks: FBI | NK News

The Evolution of North Korea – And What To Expect In 2026 | SC Media UK

Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence

International Threats: Themes for Regional Phishing Campaigns - Security Boulevard

Cyber Risk In 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience - Infosecurity Magazine

Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes - POLITICO

US Action in Venezuela Provokes Cyberattack Speculation

Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes - POLITICO

What is happening to the Internet in Venezuela?

US, observers watch for cyber, disinformation campaigns in wake of Venezuela raid - Defense One

President Trump Orders Divestment in $2.9 Million Chips Deal to Protect US Security Interests - SecurityWeek

Cyberattacks Likely Part of Military Operation in Venezuela

Critics pan spyware maker NSO's transparency claims amid its push to enter US market | TechCrunch

Tools and Controls

Cyber Risk Trends for 2026: Building Resilience, Not Just Defenses - SecurityWeek

Think of executive security as a must-have, not a luxury | SC Media

Logitech caused its mice to freak out by not renewing a certificate | The Verge

Security teams are paying more attention to the energy cost of detection - Help Net Security

How AI is Changing the Incident Response Landscape: What GCs Need to Know | Alston & Bird - JDSupra

The Boardroom Case for Penetration Testing - Security Boulevard

Why cybersecurity cannot hire its way through the AI era | CyberScoop

Age verification changed the internet in 2025 – here's what it means for your privacy in 2026 | TechRadar

HSBC blocks app users for having sideloaded password manager • The Register

Enterprises still aren’t getting IAM right – Computerworld

Legacy IAM was built for humans — and AI agents now outnumber them 82 to 1 | VentureBeat

Yes, criminals are using AI to vibe-code malware • The Register

Legislation, loopholes, and loose ends — what does 2026 hold for the VPN industry? | TechRadar

Lack of training opening up councils to future cyber attacks - BBC News

The Role of Behavioral Analytics in Enhancing Cybersecurity Defense - Security Boulevard

Hackers claim to hack Resecurity, firm says it was a honeypot

Other News

Car brands must go back to cyber security school | Auto Express

Google tops the list of most exploited platforms in the US

Logitech caused its mice to freak out by not renewing a certificate | The Verge

Lack of training opening up councils to future cyber attacks - BBC News

Uk Government's Digital ID plan is a ‘huge new cyber risk’ say Tories

Cyber security Bill will introduce mandatory digital ID by stealth, say Tories | Morning Star

Why schools are at risk from cyber attacks | Education Business

UK government to spend £210m on public sector cyber resilience | Computer Weekly

UK government admits years of cyber policy have failed, announces reset | The Record from Recorded Future News

Vulnerability Management

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries - SecurityWeek

How attackers are weaponizing open-source package managers [Q&A] - BetaNews

Vulnerabilities

Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass

VMware ESXi zero-days likely exploited a year before disclosure

Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release

Adobe ColdFusion Servers Targeted in Coordinated Campaign - SecurityWeek

Multiple Vulnerabilities in QNAP Tools Let Attackers Obtain Secret Data

Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers - Infosecurity Magazine

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

Cisco switches hit by reboot loops due to DNS client bug

Google fixes critical Dolby Decoder bug in Android January update

Legacy D-Link routers actively exploited in the wild | Cybernews

Sector Specific

Industry specific threat intelligence reports are available.

· Automotive

· Construction

· Critical National Infrastructure (CNI)

· Defence & Space

· Education & Academia

· Energy & Utilities

· Estate Agencies

· Financial Services

· FinTech

· Food & Agriculture

· Gaming & Gambling

· Government & Public Sector (including Law Enforcement)

· Health/Medical/Pharma

· Hotels & Hospitality

· Insurance

· Legal

· Manufacturing

· Maritime & Shipping

· Oil, Gas & Mining

· OT, ICS, IIoT, SCADA & Cyber-Physical Systems

· Retail & eCommerce

· Small and Medium Sized Businesses (SMBs)

· Startups

· Telecoms

· Third Sector & Charities

· Transport & Aviation

· Web3

Contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.

Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.

You can also follow us on Facebook, Twitter and LinkedIn.

Links to external articles are provided for general interest and awareness only. Linking to or reposting external content does not constitute endorsement of or by any organisation, service, or product. We do not control and are not responsible for the content, security, or availability of external websites or links. Full credit is given to the original authors and sources. E&OE.

Black Arrow Admin

Black Arrow Cyber Threat Intelligence Briefing 09 January 2025

Executive Summary

Top Cyber Stories of the Last Week

2025 Proved Hackers Aren’t Slowing Down – and Neither Should You

Ransomware Attacks Kept Climbing in 2025 as Gangs Refused to Stay Dead

Phishing Kits Soared in Popularity Last Year as Rookie Hackers Ramped Up DIY Cyber Attacks

Cyber Risk Trends for 2026: Building Resilience, Not Just Defences

Cyber Risk in 2026: How Geopolitics, Supply Chains and Shadow AI Will Test Resilience

Average Cyberattack Cost Hits $2.5M as Recovery Lags

New Phishing Attack Impersonate as DocuSign Deploys Stealthy Malware on Windows Systems

Phishers Exploit Office 365 Users Who Let Their Guard Down

Dozens of Organisations Fall Victim to Infostealers After Failing to Enforce MFA

Governance, Risk and Compliance

Threats

Ransomware, Extortion and Destructive Attacks

Ransomware Victims

Phishing & Email Based Attacks

Other Social Engineering

Fraud, Scams and Financial Crime

Artificial Intelligence

2FA/MFA

Malware

Bots/Botnets

Mobile

Denial of Service/DoS/DDoS

Internet of Things – IoT

Data Breaches/Leaks

Organised Crime & Criminal Actors

Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain

Insider Risk and Insider Threats

Insurance

Supply Chain and Third Parties

Cloud/SaaS

Identity and Access Management

Encryption

Linux and Open Source

Passwords, Credential Stuffing & Brute Force Attacks

Social Media

Regulations, Fines and Legislation

Models, Frameworks and Standards

Careers, Roles, Skills, Working in Cyber and Information Security

Law Enforcement Action and Take Downs

Misinformation, Disinformation and Propaganda